PT-2026-42744 · Ster · Ster
Michelin Cert
·
Published
2026-05-22
·
Updated
2026-05-22
·
CVE-2026-25608
CVSS v4.0
2.3
Low
| Vector | AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
STER versions prior to 9.5
Description
STER uses unencrypted TCP traffic to transmit data over the network. This allows an attacker to conduct a Man-In-The-Middle attack—a technique where an attacker intercepts communication between two parties—to obtain sensitive data such as passwords, personal data, or authentication tokens.
Recommendations
Update to version 9.5.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ster